Cyber crooks are thought to be selling a zero-day vulnerability in Adobe Reader X and packaging it up in the most prevalent exploit kit in the world – Blackhole.
Russian firm Group-IB claimed to have confirmed the Adobe Reader flaw earlier this week, and reports have suggested that the flaw is fetching between $30,000 and $50,000 on the black market. As the Blackhole Exploit Kit is being used, some suspect the flaw is being used to serve up banking malware to unsuspecting Internet users.
As noted by Group-IB, however, the vulnerability can only be exploited after a user closes and then reopens the browser. The company did not explain why that was the case.
“Another variant is to organise interaction between the victim and the malformed PDF document. Either way, the vulnerability … has [a] very significant vector to be spread with bypassing of internal Adobe X sandbox, which is appealing for cyber crime gangs because in the past there was no documented method of how to bypass it with shellcode execution,” said Andrey Komarov, head of the international projects department at Group-IB.
Adobe said it is now in contact with Group-IB and is hoping to learn more from the Russian firm to determine whether the flaw was genuine.
“We are aware of the announcement from Group IB and have reached out to Group IB for additional information. We are now in communication with Group IB so we can make a determination whether or not this is in fact a vulnerability and a sandbox bypass,” a spokesperson told TechWeekEurope.
“Without additional details, and in particular a sample, there is nothing we can do, unfortunately, beyond continuing to monitor the threat landscape and working with our partners in the security community, as always. We will update you as soon as we have new information and a determination can be made.”
The company has had to deal with various vulnerabilities in its software over recent months, but has received plaudits for its quick response to found flaws.
In September, it was working with close partner Microsoft to patch vulnerabilities in Flash Player for Windows 8. However, in August, Google researchers warned that Adobe had left patches for 16 serious flaws out of its Reader update, which could have left users open to attack.
Are you a security expert? Find out with our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…